BAS RESEARCH REPORT: THE CURRENT STATE OF SMART BUILDING CYBERSECURITY

The OT Research Team at Forescout performed an exercise in vulnerability and malware research for devices commonly used in building automation system (BAS) networks.

The goal was to create a proof-of-concept malware targeting BAS networks to raise awareness about a problem that will likely become increasingly serious over the next few years as the Internet of Things (IoT) continues to expand.

Topics covered in this research paper include:

An analysis of the security landscape for BAS networks

The discovery and responsible disclosure of previously unknown vulnerabilities in building automation devices

The development of a proof-of-concept malware for BAS that persists on devices at the automation level

A discussion on how improved visibility into BAS networks can help improve building automation system cybersecurity by promptly detecting threats